export DEBIAN_FRONTEND="noninteractive"

# Update APT and ensure our required packages are installed
apt-get -qy update
<% %w(lxc apparmor bridge-utils debootstrap yum iptables iptables-persistent ntpdate ntp pbzip2).each do |package| -%>
dpkg --status <%= package %> &> /dev/null || apt-get -qy install <%= package %>
<% end -%>

# Ensure the default lxc networking services are off
service lxc-net stop || true
echo "manual" | tee /etc/init/lxc-net.override

# Ensure NTP services are enabled and running
service ntp restart || service ntp start

# Enable IPv4 forwarding
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
sysctl -w net.ipv4.ip_forward=1

# Install an iptable NAT rule
if ! (iptables -t nat -v --list | grep "MASQUERADE"); then
  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  iptables-save | tee /etc/iptables/rules.v4
fi

grep 'mount fstype=nfs,' /etc/apparmor.d/abstractions/lxc/container-base || cat <<EOF | tee -a /etc/apparmor.d/abstractions/lxc/container-base
  mount fstype=nfs,
EOF

grep 'mount fstype=rpc_pipefs,' /etc/apparmor.d/abstractions/lxc/container-base || cat <<EOF | tee -a /etc/apparmor.d/abstractions/lxc/container-base
  mount fstype=rpc_pipefs,
EOF

service apparmor reload
